Skill v3.2.14

ClawScan security

Castreader Openclaw Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 30, 2026, 4:37 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files, scripts, and instructions are coherent with its stated purpose (extract a URL or local book and produce TTS via CastReader). It requires running npm install (Puppeteer, which downloads Chromium), it sends extracted text to an external TTS API, and its registry metadata has a few minor mismatches with the code that you should be aware of.
Guidance
What to consider before installing:
- Network & privacy: The skill extracts webpage text and book files and sends that text to an external TTS API (default https://api.castreader.ai). If pages or books contain sensitive data, do not use the online TTS mode. The API key is optional; if you set CASTREADER_API_KEY it will be included in requests to the API.
- Install footprint: You must run `npm install` in the skill folder. That installs Puppeteer and many npm packages and downloads a Chromium binary; expect a large download and extra disk space. Prefer running in a sandbox, container, or VM if you are cautious.
- Local file access: The skill reads from ~/castreader-library/books/ for synced books. Ensure only intended files are stored there before using the book features.
- Code review & testing: If you want to be extra safe, inspect the included scripts (they are present) and test extraction-only mode (`node scripts/read-url.js <url> 0`) to verify extraction behavior without generating TTS; note that extraction still fetches the target URL. You can also run `npm install --no-audit` in an isolated environment and monitor network traffic while the scripts run.
- Metadata mismatch: The registry metadata does not declare the environment variables the scripts use. Set or omit CASTREADER_API_KEY and CASTREADER_API_URL intentionally rather than relying on defaults you have not checked.
If these observations are acceptable, the skill appears to do what it claims. If not, consider an offline/local TTS alternative or run the tool in an isolated environment.
Findings
[uses-puppeteer] expected: Puppeteer is necessary for headless browsing and page extraction; install will download Chromium which increases install footprint and network activity.
[external-tts-api-calls] expected: scripts call POST {CASTREADER_API_URL}/api/captioned_speech_partly and will upload text to that endpoint (default https://api.castreader.ai). This is expected for a TTS service but implies extracted webpage/book text is transmitted to an external service.
[reads-home-directory-castreader-library] expected: sync-books.js reads ~/castreader-library/books/* to enumerate and open book files — expected for book-reading functionality, but this is access to local user files.

Review Dimensions

Purpose & Capability
note: The skill is a URL/book-to-audio tool and its code (extractor bundle, puppeteer-based extraction, and TTS calls) matches that purpose. It also reads a local library directory (~/castreader-library/books/) for synced books, which is consistent with the 'read books' capability. Small mismatch: the SKILL metadata does not list environment variables (CASTREADER_API_URL/VOICE/API_KEY) even though the scripts use them; the README documents them.
Instruction Scope
note: SKILL.md instructs the agent to run npm install and then use the provided node scripts only. Those scripts (extract/read-url/sync-books/generate-text) perform web browsing via Puppeteer, inject extractor-bundle.js into target pages, read/write files under /tmp and the user's home castreader-library, and POST extracted text to an external TTS endpoint (default https://api.castreader.ai). All of these actions are within the stated scope, but they do involve sending extracted webpage/book text off-host (privacy consideration).
Install Mechanism
note: There is no automated install spec in the registry, but SKILL.md insists on running `npm install` in the skill directory. package.json depends on puppeteer, which will fetch many npm packages and download a Chromium binary during install, a moderate-risk, high-footprint operation. The packages come from the npm registry (no obscure URLs), but you should expect a substantial download and native resource use.
Credentials
concern: The skill does not declare required env vars in registry metadata, but the code reads optional environment variables: CASTREADER_API_URL, CASTREADER_API_KEY, CASTREADER_VOICE, CASTREADER_SPEED. If CASTREADER_API_KEY is set, that secret is sent to the TTS API with each request. The scripts also read files under the user's home directory (~/castreader-library/books/), appropriate for reading synced books but potentially sensitive. Overall the env and filesystem access are explainable for the feature set, but the registry metadata omission and the fact that extracted text is posted to an external API are notable concerns.
Persistence & Privilege
ok: The skill does not request 'always: true', does not modify other skills or system settings, and does not persist agent-wide configuration. It runs as invoked (node scripts) and does not request elevated privileges beyond normal filesystem and network access for the current user.